US8510820B2 · Active · Utility · PatentIndex 97

System and method for embedded authentication

Assignee: OBERHEIDE JON
Priority: Dec 2, 2010
Filed: Dec 2, 2011
Granted: Aug 13, 2013
Est. expiry: Dec 2, 2030 (~4.4 yrs left) · nominal 20-yr term from priority
Inventors: OBERHEIDE JON, SONG DOUGLAS, GOODMAN ADAM
Classifications: H04L 63/0272, H04L 63/0807, G06F 21/335, H04L 63/0853
PatentIndex Score: 97
Cited by: 66
References: 8
Claims: 18

Abstract

Various systems and methods of embedded authentication are described herein. One method of the preferred embodiment can include receiving at an authentication server a transaction token from a host website, the host website including an embeddable interface and prompting a user challenge by the authentication server at the embeddable interface. The method of the preferred embodiment can also include creating a signed authentication token in response to a successful user challenge, and transmitting the signed authentication token from the authentication server to the embeddable interface.
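
The token flow the abstract describes, as an added example that is not part of the patent text or of any product's code. The HMAC-SHA256 token layout, the two demo keys, the one-time passcode challenge and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import time

# Constructed demo keys (assumption): one key per token type, so a transaction
# token can never be replayed to the host as an authentication token.
TX_KEY = b"demo-transaction-key"
AUTH_KEY = b"demo-auth-response-key"


def sign(key, prefix, user, ttl, now=None):
    """Return 'prefix|user|expiry|hexmac', signed with HMAC-SHA256 (assumed format)."""
    expiry = int((now if now is not None else time.time()) + ttl)
    body = f"{prefix}|{user}|{expiry}"
    return f"{body}|{hmac.new(key, body.encode(), hashlib.sha256).hexdigest()}"


def verify(key, prefix, token, now=None):
    """Return the user name if the token is authentic and unexpired, else None."""
    parts = token.split("|")
    if len(parts) != 4 or parts[0] != prefix:  # a '|' in the user name fails closed
        return None
    expected = hmac.new(key, "|".join(parts[:3]).encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected.encode(), parts[3].encode()):
        return None
    # The MAC matched, so the expiry field is the integer that sign() wrote.
    if int(parts[2]) < (now if now is not None else time.time()):
        return None
    return parts[1]


def host_begin(user):
    """Host server: called only after the first-layer credentials were accepted."""
    return sign(TX_KEY, "TX", user, ttl=300)


def auth_server_challenge(tx_token, passcode, expected_passcode):
    """Authentication server: check the transaction token, then the user challenge."""
    user = verify(TX_KEY, "TX", tx_token)
    if user is None or not hmac.compare_digest(passcode.encode(), expected_passcode.encode()):
        return None  # the embedded interface would relay a failure message instead
    return sign(AUTH_KEY, "AUTH", user, ttl=60)


def host_finish(auth_token, session_user):
    """Host server: verify the signed token and bind it to this session's user."""
    return auth_token is not None and verify(AUTH_KEY, "AUTH", auth_token) == session_user
```

Binding the verified token to the user who passed the first layer matters: without that comparison in `host_finish`, a token issued for one account would complete the login of another.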

Claims

exact text as granted — not AI-modified
What is claimed is:

1. A method comprising:
initiating an authentication session at a host server that comprises prompting a host website for credentials of a first layer of authentication with the host server and generating a transaction token;
delivering the transaction token from the host server to a host website comprising an embeddable interface;
receiving a signed authentication token at the host server from the embeddable interface, wherein the signed authentication token is authenticated in a second layer of authentication by an authentication server in response to a user challenge delivered by the authentication server to the embeddable interface and in response to authentication of the transaction token;
verifying the signed authentication token at the host server; and
if the authentication token is successfully verified, setting an application-level state of a successful authentication.

2. The method of claim 1, wherein the embeddable interface comprises an iframe within a webpage.

3. The method of claim 1, wherein the credentials comprises a user name and password.

4. The method of claim 1, wherein the transaction token comprises a signed cookie.

5. The method of claim 1, wherein the user challenge comprises a secondary message transmitted to the embeddable interface.

6. A method comprising:
receiving at an authentication server a transaction token from a host website, the host website comprising an embeddable interface;
at the authentication server, authenticating the transaction token to be a transaction token from a host that indicates a successful first layer of authentication at the host server;
prompting a user challenge of a second layer of authentication by the authentication server at the embeddable interface;
in response to a successful user challenge and an authentic transaction token, creating a signed authentication token; and
transmitting the signed authentication token from the authentication server to the embeddable interface.

7. The method of claim 6, wherein the embeddable interface comprises an iframe within a webpage.

8. The method of claim 6, wherein the transaction token comprises a signed cookie.

9. The method of claim 6, wherein the user challenge comprises a secondary message transmitted to the embeddable interface.

10. The method of claim 9, wherein the user challenge comprises one of a voice call, an SMS message, an MMS message, a fax message, an instant message, an email, a security question, a push notification, a one-time password, or identification of an authentication agent.

11. The method of claim 6, wherein the signed authentication token comprises a signed cookie.

12. The method of claim 6, further comprising in response to an unsuccessful user challenge, transmitting an alternative message to the embeddable interface for delivery to a host server.

13. A method comprising:
receiving at an authentication server an authentication session initialization request from an embeddable interface, wherein the authentication session initialization request is generated by a virtual private network (VPN) access system in response to a successful first layer of identification;
authenticating the authentication session initialization request at the authentication server;
prompting a user challenge of a second layer of authentication by the authentication server at the embeddable interface;
in response to a successful user challenge, creating a signed authentication token; and
verifying the signed authentication token between the authentication server and a VPN system.

14. The method of claim 13, wherein the embeddable interface comprises an iframe within a webpage.

15. The method of claim 13, wherein the user challenge comprises a secondary message transmitted to the embeddable interface.

16. The method of claim 15, wherein the user challenge comprises one of a voice call, an SMS message, an MMS message, a fax message, an instant message, an email, a security question, a push notification, a one-time password, or identification of an authentication agent.

17. The method of claim 13, wherein verifying the signed authentication token between the authentication server and the VPN system comprises returning the signed authentication token from the VPN system to the authentication server such that the authentication server can perform verification.

18. The method of claim 13, further comprising in response to an unsuccessful user challenge, transmitting an alternative message to the embeddable interface to delivery to the VPN system.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.